CVE-2021-3326 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2021-3326?

CVE-2021-3326 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3326?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Netapp E-Series Santricity Os Controller, Netapp Ontap Select Deploy Administration Utility, Oracle Communications Cloud Native Core Security Edge Protection Proxy, Fujitsu M10-1 Firmware.

Vulnerability Description

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnu	Glibc	<= 2.32.0
Netapp	E-Series Santricity Os Controller	>= 11.0, <= 11.60.3
Netapp	Ontap Select Deploy Administration Utility	-
Oracle	Communications Cloud Native Core Security Edge Protection Proxy	1.5.0
Fujitsu	M10-1 Firmware	< xcp2410
Fujitsu	M10-1	-
Fujitsu	M10-4 Firmware	< xcp2410
Fujitsu	M10-4	-
Fujitsu	M10-4S Firmware	< xcp2410
Fujitsu	M10-4S	-
Fujitsu	M12-1 Firmware	< xcp2410
Fujitsu	M12-1	-
Fujitsu	M12-2 Firmware	< xcp2410
Fujitsu	M12-2	-
Fujitsu	M12-2S Firmware	< xcp2410
Fujitsu	M12-2S	-
Debian	Debian Linux	10.0

Related Weaknesses (CWE)

CWE-617

References

http://www.openwall.com/lists/oss-security/2021/01/28/2Mailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/202107-07Third Party Advisory
https://security.netapp.com/advisory/ntap-20210304-0007/Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=27256Issue TrackingThird Party Advisory
https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f
https://www.oracle.com/security-alerts/cpuapr2022.htmlNot Applicable
https://www.oracle.com/security-alerts/cpujan2022.htmlPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2021/01/28/2Mailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/202107-07Third Party Advisory
https://security.netapp.com/advisory/ntap-20210304-0007/Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=27256Issue TrackingThird Party Advisory
https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f
https://www.oracle.com/security-alerts/cpuapr2022.htmlNot Applicable

FAQ

What is CVE-2021-3326?

CVE-2021-3326 is a vulnerability with a CVSS score of 7.5 (HIGH). The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the...

How severe is CVE-2021-3326?

CVE-2021-3326 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3326?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Netapp E-Series Santricity Os Controller, Netapp Ontap Select Deploy Administration Utility, Oracle Communications Cloud Native Core Security Edge Protection Proxy, Fujitsu M10-1 Firmware.